This video we will demonstrate a Metasploit post exploitation module which forces our victim to connect to our remote attackers waiting PPTP server. This module created by Borja Merino will create a phonbook file *.pbk in the temp folder of our compromise victim machine that is connected to our meterpreter session.
Some points:
Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.
As PPTP is in conjunction with PPP it uses CHAP (Challenge Handshake Authentication Protocol) for it security and only uses username and password but the connection are not encrypted.
Modules Github:
https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/manage/pptp_tunnel.rb

For Masquerade and Port forwarding script:
http://goo.gl/LCHlKI

Borja Merino original video:

Note:

For education purpose and for own network or network with permission use only. Use it on your own risk.

source